Gartner security analyst Neil MacDonald thinks there are five levels to the discussion [gartner.com] about whether Microsoft should be in the security business. They include secure coding (obviously), secure functionality in the platform at no cost (of course), add-on security products at a fee (maybe) and paid cloud-based security services (sure).
All three major Web browsers – Microsoft’s Internet Explorer 8, Mozilla Firefox and Apple’s Safari – failed to survive the hacker onslaught at this year’s CanSecWest Pwn2Own contest.
A security researcher named “Nils” (he declined to provide his full name) performed a clean drive-by download attack against the world’s most widely used browser to take full control of a Sony Vaio machine running Windows 7. He also scored hits against Firefox and Safari.
A parade of security researchers spent the better part of Wednesday at the CanSecWest conference putting the lie to the notion that iPhones, Windows Mobile devices and other smartphones are not really targets for attackers.
By Paul F. Roberts, The 451 Group
Starting this week at the annual CanSecWest conference in Vancouver, British Columbia, some of the world’s best hackers will crack their knuckles and get to work on a different kind of problem: hacking mobile devices including Apple’s über popular iPhone. The annual Pwn2Own contest is likely to be a wake-up call to companies about the dangers posed by BlackBerrys, iPhones and other mobile devices. Despite that, many security firms are still playing catch-up on mobile device management and security. Their enterprise customers may pay the price.
We recently conducted a project focused on confidential data security [enterprisestrategygroup.com] that will be published soon. However, here are some interesting advance results that support this venerable security dictum. ESG asked 308 North American and European security professionals from large organizations (i.e. 1,000 employees or more) a number of questions about data security risks, policies, and technology safeguards. When asked to define the most important measures for protecting confidential data, nearly half of all respondents said, “communicating and training users on confidential data security policies.” This was the top response followed by, “physical security,” and “access controls for private data.”
By Bob McMillan, ComputerWorld
Diebold has released a security fix for its Opteva automated teller machines after cybercriminals apparently broke into the systems at one or more businesses in Russia and installed malicious software.
Adobe vs. Microsoft on Security Response – Fri, March 6, 2009
Ryan and Roel discuss the latest zero-day vulnerabilities (and attacks) affecting Adobe and Microsoft customers and compare the response from the two software vendors.
The Kido Worm Attack – Fri, Jan. 23 2009
Ryan and Roel discuss the propagation techniques behind the Kido/Conficker worm attack and make important recommendations around protection and mitigation.
At the Workshop on the Economics of Information Security at Dartmouth College, experts discussed the drivers of the underground cybercrime economy, how the security story has changed in the media in recent years and what can be done to address the malware pandemic.
Emergency IE Patch – Fri, January 9, 2009
Ryan and Roel dissect the latest wave of malware attacks against Microsoft’s Internet Explorer browser and discuss the company’s plans to ship an emergency out-of-band update.